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DETAILED ACTION 

This Office Action is in response to the communication filed on 1 1/1 1/2008. 
Claims 1-10 have been cancelled. 

Claims 11-12, 18, 20, and 21 have been amended. 

Claims 11-13 and 15-27 have been examined and are pending. 

Response to Arguments 

Applicant's arguments, see page 7, filed 1 1/1 1/2008, with respect to the 35 U.S.C. 1 12, 
2 nd rejection of claims 11, 12, and 21 have been fully considered. The 35 U.S.C. 1 12, 2nd 
rejection of claims 11, 12, and 21 has been withdrawn in view of amendment. 

Applicant's arguments filed 1 1/1 1/2008 have been fully considered but they are not persuasive. 
The Applicant argues the following: 

(A) " Independent claim 1 1 recites, inter alia, "determining an authentication level 
required for the transaction based on a parameter of the transaction," and "completing the 
transaction without authentication of the user when a second one of the authentication level is 
determined." (emphasis added). Applicants submit that neither Taro nor Wood teach or suggest 
at least the aforementioned feature of independent claim 1 1 ." 

(B) "Independent claims 18 and 20 recite, inter alia, "wherein the transaction is 
completed without authentication of the user when a second one of the authentication level is 
determined." (emphasis added). Applicants submit that neither Shuichi, Taro, nor Wood teach or 
suggest at least the aforementioned feature of independent claims 18 and 20." 
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The Examiner respectfully disagrees with the Applicant with the following reasons: 
Per (A): 

Wood teaches determining an authentication level required for the transaction based on a 
parameter of the transaction [Wood: Col. 3 lines 60-64; "The common log-on service obtains a 
first credential for the client entity, the authenticates the client entity thereby, and establishes a 
session having a first authentication level commensurate with authentication requirements of at 
least one of the information resources "]; 

(d) completing the transaction without authentication of the user when a second one of 
the authentication level is determined [Wood: Col. 2, lines 32-46; "...Once credentials have 
been obtained for an entity and have been authenticated to a given trust level, access is granted 
without the need for further credentials and authentications ... "; See also Col. 2, lines 46-67; 
Col. 3, lines 41-53; Col. 3, lines 64 to Col. 4, line 3J. 

Per (B): (Please See per ( A)). 

Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 
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Claims 11, 17, 21 are rejected under 35 U.S.C. 103(a) as being unpatentable over Fukuo 
Taro (JP 2000-76336) in view of Wood et al. (US 6,609,198 Bl) 

As per claim 11: 

Taro teaches a method, comprising: 

(a) receiving a first request for information from a service device regarding 
authentication of a user, wherein the first request is in response to a transaction at the service 
device [Taro: par. [0024], "The electronic banking authorization system 1-7 receives each 
authentication request demand from two or more Electronic Commerce Technology 
Division service provider equipment 1-6. It has the function to perform authentication for 
electronic banking alone about a user, and functions as an authentication center intensively 
prepared to two or more Electronic Commerce Technology Division service providers" 
Electronic Commerce Technology Division service provider is known as a service device]; 

Taro does not explicitly teach: 

(b) determining an authentication level required for the transaction based on a parameter 
of the transaction; 

(c) performing authentication of the user before completing the transaction when a first 
one of the authentication level is determined; and 

(d) completing the transaction without authentication of the user when a second one of 
the authentication level is determined 

However, Wood teaches log-on service providing credential level change without loss of 
session continuity, wherein 
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(b) determining an authentication level required for the transaction based on a parameter 
of the transaction [Wood: Col. 3 lines 60-64; "The common log-on service obtains a first 
credential for the client entity, the authenticates the client entity thereby, and establishes a 
session having a first authentication level commensurate with authentication requirements 
of at least one of the information resources"]; 

(c) performing authentication of the user before completing the transaction when a first 
one of the authentication level is determined [Wood: Col. 3, lines 41-53]; and 

(d) completing the transaction without authentication of the user when a second one of 
the authentication level is determined [Wood: Col. 2, lines 32-46; "...Once credentials have 
been obtained for an entity and have been authenticated to a given trust level, access is 
granted without the need for further credentials and authentications See also Col. 2, 
lines 46-67; Col. 3, lines 41-53; Col. 3, lines 64 to Col. 4, line 3]. 

Thus, it would have been obvious to the person of ordinary skill in the art at the time the 
invention was made to combine the method and system of Taro with the teaching of Wood to 
provide a single sign on mechanism that allows an entity to tailor its credentialing to an access 
requirement while maintaining a persistent session interface [Wood, Col. 2, lines 60-62]. 



As per claim 17: 

This claim has limitations that are similar to those of claim 11, thus it is rejected with the 
same rationale applied against claim 1 1 above. 
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As per claim 21: 

This claim has limitations that are similar to those of claim 11, thus it is rejected with the 
same rationale applied against claim 1 1 above. 

Claims 12, 22, 23, 24 are rejected under 35 U.S.C. 103(a) as being unpatentable over Fukuo 
Taro (JP 2000-76336) in view of Wood et al. (US 6,609,198 Bl) further in view of Fukai 
Shuichi et al. (JP 2000-92236). 

As per claim 22: 

The combination of Taro and Wood teach the subject matter as described in claim 11. 
Taro further teaches the method of claim 11, wherein the authentication step comprises: 

(a) transmitting to a device a second request for user identification information in 
response to receiving the first request [Taro: par. [0012]; "A means to ************ a user 
terminal through a public network based on this user identifier, and to receive the secrecy 
information of the user for electronic banking directly through this public network from a 
user terminal"]; 

(b) receiving the user identification information from a user communications device 
[Taro: par. [0012]; "A means to ************ a user terminal through a public network 
based on this user identifier, and to receive the secrecy information of the user for 
electronic banking directly through this public network from a user terminal"]; 

(c) comparing the user identification information and authentication information to 
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generate comparison results [Taro: par. [0078]; "Furthermore, in order that an electronic 
banking authorization system may perform his identification by calling back the Electronic 
Commerce Technology Division service user based on the subscriber information 
memorized by the database storage section, the Electronic Commerce Technology Division 
service provider side and the user side - him — necessity of the special authentication 
equipment for identification cannot be carried out, but simple composition can perform his 
identification, and trouble generating of an unjust claim of the charge by a user's 
malpractice etc. can be prevented"] ; and 

(d) using the comparison result for the authentication of the user, and when successful, 
completing the transaction [Taro: par. [0078]]. 

Taro and Wood do not explicitly teach a user terminal as a mobile communication 

device. 

However, Schuichi teaches a mobile communication device which transmits a user ID to 
a host communications devices to a demand [Schuichi: par. [003]; "A communication 
terminal transmits a user ID to a provider to the demand. A provider will demand 
transmission of a password from a communication terminal next, if a user ID checks that it 
is regular ID. A communication terminal transmits a password to the demand. And a 
provider performs user authentication by distinguishing whether the transmitted password 
is a password corresponding to the user ID transmitted previously"; fig. 1, a 
communication terminal is a mobile device 100]. 

Thus, it would have been obvious to the person of ordinary skill in the art at the time the 
invention was made to combine the method of Taro and Wood by including the teaching of 
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Schuichi to provide users with a means for safely and effectively performing authentication 
between a registered user and a service provider [Schuichi: abstract and par. [0003]]. 

As per claim 12: 

The combination of Taro, Wood, and Schuichi teach the subject matter as described in 
claim 22. 

Schuichi further teaches the method of claim 22, wherein identification information of 
the user includes personal attributes of the user [Schuichi : par. [003] ; "A communication 
terminal transmits a user ID to a provider to the demand. A provider will demand 
transmission of a password from a communication terminal next, if a user ID checks that it 
is regular ID. A communication terminal transmits a password to the demand. And a 
provider performs user authentication by distinguishing whether the transmitted password 
is a password corresponding to the user ID transmitted previously"; fig. 1, a 
communication terminal is a mobile device 1 00]. 

As per claim 23: 

This claim has limitations that are similar to those of claim 22, thus it is rejected with the 
same rationale applied against claim 22 above. 



As per claim 24: 
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This claim has limitations that are similar to those of claim 12, thus it is rejected with the 
same rationale applied against claim 12 above. 

Claims 13 and 25 are rejected under 35 U.S.C. 103(a) as being unpatentable over Fukuo 
Taro (JP 2000-76336) in view of Wood et al. (US 6,609,198 Bl) and further in view of Fukai 
Shuichi et al. (JP 2000-92236) and further in view of Watanabe Schunichi (JP 06-215009). 

As per claim 13: 

The combination of Taro, Wood, and Schuichi teach the subject matter as described in 
claim 22. 

Taro, Wood, and Schuichi do not explicitly teach receiving from the service device 
information regarding current services provided. 

However, Schuinichi teaches receiving from the service device information regarding 
current services provided [Schunichi: par. [005] ; "The purpose of this invention memorizes 
cumulatively the amount of money for purchase in a unit period for every card number of 
each card issuer. When the amount of money for purchase memorized about the credit 
card shown at the time of processing of transactions exceeds the purchase limit set up 
beforehand, it is in offering the card processing system which can prevent that buy it and 
unjust dealings of the large sums by the surroundings are performed by transmitting that 
to a card issuer"] . 

Thus, it would have been obvious to the person of ordinary skill in the art at the time the 
invention was made to combine the method of Taro, Wood, and Schuichi of the invention by 
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including the step of Schunichi to provide a credit card transaction processing having capability 
of dealing with unjust dealings and exceeding the purchase limit [Schunichi: par. [005]]. 

As per claim 25: 

This claim has limitations that are similar to those of claim 13, thus it is rejected with the 
same rationale applied against claim 13 above. 

Claims 15-16, 26, and 27 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Fukuo Taro (JP 2000-76336) in view of Wood et al. (US 6,609,198 Bl) further in view of 
Watanabe Schunichi (JP 06-215009). 

As per claim 15: 

The combination of Taro and Wood teach the subject matter as described in claim 11. 

Taro and Wood do not explicitly teach wherein the authentication level is selected based 
on a comparison between past service provision history and the information regarding the current 
services provided. 

However, Schunichi teaches the authentication level is selected based on a comparison 
between past service provision history and the information regarding the current services 
provided [Schunichi: par. [005]; "The purpose of this invention memorizes cumulatively the 
amount of money for purchase in a unit period for every card number of each card issuer. 
When the amount of money for purchase memorized about the credit card shown at the 
time of processing of transactions exceeds the purchase limit set up beforehand, it is in 
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offering the card processing system which can prevent that buy it and unjust dealings of 
the large sums by the surroundings are performed by transmitting that to a card issuer"] . 

Thus, it would have been obvious to the person of ordinary skill in the art at the time the 
invention was made to combine the method of Taro and Wood by including the teaching of 
Schunichi to provide a credit card transaction processing having capability of dealing with unjust 
dealings and exceeding the purchase limit [Schunichi: par. [005]]. 

As per claim 16: 

Schunichi further teaches the method of claim 1 1 , wherein the parameter is cost of 
service, services provision area, service provision frequency, or total sum of money for the 
services provided [Schunichi: claim 1, claim 2; par. [005]; "The purpose of this invention 
memorizes cumulatively the amount of money for purchase in a unit period for every card 
number of each card issuer. When the amount of money for purchase memorized about the 
credit card shown at the time of processing of transactions exceeds the purchase limit set 
up beforehand, it is in offering the card processing system which can prevent that buy it 
and unjust dealings of the large sums by the surroundings are performed by transmitting 
that to a card issuer"]. 

As per claim 26: 

This claim has limitations that are similar to those of claim 16, thus it is rejected with the 
same rationale applied against claim 16 above. 
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As per claim 27: 

This claim has limitations that are similar to those of claim 15, thus it is rejected with the 
same rationale applied against claim 1 5 above. 

Claims 18-19 and 20 are rejected under 35 U.S.C. 103(a) as being unpatentable over Fukai 
Shuichi et al. (JP 2000-92236) in view of Fukuo Taro (JP 2000-76336) and further in view of 
Wood et al. (US 6,609,198 Bl) . 

As per claim 18: 

Schuichi teaches a communications device, comprising: 

(a) a receiver operable to receive, from a host computer, a request for information 
regarding authentication of a user [[at a service device, wherein the request is in response to a 
transaction at the service device ]] [Schuichi : par. [003]; "the provider of whom connection 
was required demands transmission of a user ID from a communication terminal first. A 
communication terminal transmits a user ID to a provider to the demand"]; 

(b) a storage device operable to store information regarding the authentication of the 
user [Schuichi : par. [003] ; "A communication terminal transmits a user ID to a provider to 
the demand"; It is inherent that communication terminal stores user ID in a memory 
before transmitting user ID to a provider] ; and 

(c) a transmitter operable to transmit information regarding the authentication of the user, 
stored in the storage device, to the host computer in response to receiving the request for 
information regarding the authentication of the user [Schuichi : par. [006]-[007]; "Moreover, 
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invention according to claim 9 data in the information service equipment which transmits 
through a communication line to the attested communication terminal connection request 
from said communication terminal. It is characterized by having a terminal specific 
information receiving means to receive the terminal specific information which specifies 
the communication terminal concerned, and the authentication means which attests 
whether said connection request is recognized based on said terminal specific information 
which received"] ; 

(d) wherein the communications device is a mobile communications device [Schuichi : 
fig. 1, box 100; par. [0010], cellular phone and land mobile radiotelephone]. 

Schuichi does not explicitly teach a request for information regarding authentication of a 
user at service device, wherein the request is in response to a transaction at the service device. 

However, Taro teaches teach a request for information regarding authentication of a user 
at service device, wherein the request is in response to a transaction at the service device [Taro: 
par. [0024], "The electronic banking authorization system 1-7 receives each authentication 
request demand from two or more Electronic Commerce Technology Division service 
provider equipment 1-6. It has the function to perform authentication for electronic 
banking alone about a user, and functions as an authentication center intensively prepared 
to two or more Electronic Commerce Technology Division service providers"; Electronic 
Commerce Technology Division service provider is known as a service device]. 

Thus, it would have been obvious to the person of ordinary skill in the art at the time the 
invention was made to combine the communication device of Schuichi by including the teaching 
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of Taro to provide users with a means for performing banking authentication while preventing 
leaking of secrecy information [Taro: par. 0011]. 
Schuichi and Taro do not explicitly teach, 

(e) wherein the request for information is received before the transaction has 
completed when a first one of an authentication level is used for the transaction, 

(f) wherein the request for information is received after the transaction has 
completed when a second one of an authentication level is used for the transaction. 

However, Wood teaches log-on service providing credential level change without loss of 
session continuity, wherein 

(e) the request for information is received before the transaction has completed when a 
first one of an authentication level is used for the transaction [Wood: Col. 3, lines 41-53], 

(f) wherein the request for information is received after the transaction has 
completed when a second one of an authentication level is used for the transaction[Wood: Col. 
3, lines 41-53]. 

(g) wherein the transaction is completed without authentication of the user when a second 
one of the authentication level is determined [Wood: Col. 2, lines 32-46; "...Once credentials 
have been obtained for an entity and have been authenticated to a given trust level, access 
is granted without the need for further credentials and authentications See also Col. 2, 
lines 46-67; Col. 3, lines 41-53; Col. 3, lines 64 to Col. 4, line 3]. 

Thus, it would have been obvious to the person of ordinary skill in the art at the time the 
invention was made to combine the communication device of Schuichi and Taro with the 
teaching of Wood to provide a single sign on mechanism that allows an entity to tailor its 
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credentialing to an access requirement while maintaining a persistent session interface [Wood, 
Col. 2, lines 60-62]. 

As per claim 19: 

Schuichi further teaches the communications device of claim 18, wherein the transmitter 
is further operable to selectively transmit, to the host computer, information regarding the 
authentication of the user based on a type of authentication requested [Schuichi : par. [003] ; "A 
provider will demand transmission of a password from a communication terminal next, if a 
user ID checks that it is regular ID. A communication terminal transmits a password to the 
demand. And a provider performs user authentication by distinguishing whether the 
transmitted password is a password corresponding to the user ID transmitted previously"] . 

As per claim 20: 

This claim has limitations that are similar to those of claim 18, thus it is rejected with the 
same rationale applied against claim 18 above. 

Conclusion 

The prior arts made of record and not relied upon are considered pertinent to applicant's 
disclosure. 

US 6892307 Bl to Wood; David L. et al.; 

US 7086085 Bl to Brown; Bruce E et al. 
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THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Canh Le whose telephone number is 571-270-1380. The 
examiner can normally be reached on Monday to Friday 7:30AM to 5:00PM other Friday off. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Zand Kambiz can be reached on 571-272-381 1 . The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Canh Le/ 

Examiner, Art Unit 2439 
January 9, 2009 
/Kambiz Zand/ 

Supervisory Patent Examiner, Art Unit 2434 



